Did you know that people can identify you by the way you type on a keyboard? Your fingers sit on each key for some number of milliseconds. That duration can be measured and analyzed. It’s different for everyone, just like a fingerprint. Such identifcation mechanisms are called Behavioral Biometrics. As Sophos Naked Security blog reports:
Examples include profiling technology from a Swedish company called BehavioSec that can identify site visitors, based on their typing habits, with a session score of 99% and a confidence rate of 80%.
That type of success comes after the technology has been trained on a mere 44 input characters.
This can be incredibly useful if you are a bank trying to detect credit card fraud. It can also be useful if you are a rogue government trying to figure out who is coming out the other end of an anonymized TOR node.
If this is a concern for you, consider getting KeyboardPrivacy extension for your Google Chrome browser (Firefox add-on coming soon)
The researchers said that for all we know, anybody could be profiling us based on behavioral biometrics: not just banks looking out for the safety of our accounts, but also, theoretically, repressive governments snooping into our online activities, Moore said:It doesn’t matter if we’re using Tor, a VPN or a proxy site to anonymize our online activity: the keystroke logging isn’t done remotely so it’s not affected. The logging actually happens locally, inside the web pages that we’re rendering and executing in our web browsers, after it’s been downloaded.
To that extent, apps might eventually figure out how to get around this browser plugin. For now, I’d rather have the plugin than not.
How does the plugin work? By applying exactly the same 50ms delay for every keystroke pressed. Specifically,
KeyboardPrivacy will artificially alter the rate at which your entry reaches the Document Object Model (DOM), which is a cross-platform and language-independent convention for representing and interacting with objects in HTML, XHTML, and XML documents.Instead of the highly distinctive, predictable way that we type, Keyboard Privacy imposes a 50 millisecond dwell and gap time – i.e., the duration of key presses and lag between them.
See the demo how the plugin basically renders keyboard behavioral biometrics use
For more information on behavioral biometrics see this.